U.S. patent application number 10/153644 was filed with the patent office on 2002-10-03 for recording medium control method, data management apparatus, and recording medium.
This patent application is currently assigned to Fujitsu Limited. Invention is credited to Nishimura, Hisayuki, Ono, Akiko.
Application Number: 20020139860; 10/153644
Family ID: 14237449
Filed Date: 2002-10-03
United States Patent Application: 20020139860
Kind Code: A1
Ono, Akiko; et al.
October 3, 2002
Recording medium control method, data management apparatus, and recording medium
Abstract
The present invention has an object of providing a recording
medium control method, a data management apparatus, and a recording
medium for managing data by duplicating the data in each of a
plurality of recording media. Two IC cards are loaded into a data
management apparatus. In duplicating data in the two loaded IC
cards, the two IC cards store their card characteristic numbers for
self-identification and the card characteristic number of each
other's pair IC card. If the card characteristic number of the pair
IC card stored in one IC card matches the card characteristic
number of the other IC card, the two IC cards are controllable.
Inventors: Ono, Akiko (Zama, JP); Nishimura, Hisayuki (Kawasaki, JP)
Correspondence Address: ARMSTRONG, WESTERMAN & HATTORI, LLP, 1725 K STREET, NW., SUITE 1000, WASHINGTON DC 20006 US
Assignee: Fujitsu Limited, Kawasaki, JP
Family ID: 14237449
Appl. No.: 10/153644
Filed: May 24, 2002
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
10153644 | May 24, 2002 |
PCT/JP99/06736 | Dec 1, 1999 |
Current U.S. Class: 235/487
Current CPC Class: G07F 7/1008 20130101; G06K 19/10 20130101; G06Q 20/341 20130101; G06Q 20/229 20200501; G06K 7/0034 20130101; G06Q 20/4097 20130101
Class at Publication: 235/487
International Class: G06K 019/00
Claims
1. A recording medium control method for controlling access to a
plurality of recording media each storing duplicated data, wherein:
each of the recording media stores identification information for
identifying which of the recording media stores the duplicated
data; it is determined whether the data of the recording media are
consistent with each other based on the identification information;
the access to the recording media is enabled if it is determined
that the data of the recording media are consistent with each
other; and the access to the recording media is inhibited if it is
determined that the data of the recording media are inconsistent
with each other.
2. The recording medium control method as claimed in claim 1,
wherein each of the recording media stores, as the identification
information, first identification information for
self-identification and second identification information for
identifying another of the recording media; and it is determined
that there is data consistency between one of the recording media
and the rest of the recording media if the first identification
information of the one of the recording media exists as the second
identification information in the rest of the recording media.
3. The recording medium control method as claimed in claim 1,
wherein each of the recording media stores third identification
information for identifying an apparatus in which the recording
media are loaded; and the apparatus is enabled to control the
recording media when the third identification information matches
identification information of the apparatus.
4. A data management apparatus loaded with a plurality of recording
media each storing duplicated data and controlling access to the
loaded recording media, the data management apparatus comprising:
an access control part determining whether the duplicated data of
the recording media are consistent with each other and controlling
the access to the recording media based on a result of the
determination, wherein: each of the recording media stores
identification information for identifying which of the recording
media stores the duplicated data; said access control part makes
the determination based on the identification information; and said
access control part enables the access to the recording media if
said access control part determines that the data of the recording
media are consistent with each other and inhibits the access to the
recording media if said access control part determines that the
data of the recording media are inconsistent with each other.
5. The data management apparatus as claimed in claim 4, wherein
each of the recording media stores, as the identification
information, first identification information for
self-identification and second identification information for
identifying another of the recording media; and said access control
part determines that there is data consistency between one of the
recording media and the rest of the recording media if the first
identification information of the one of the recording media exists
as the second identification information in the rest of the
recording media.
6. The data management apparatus as claimed in claim 5, wherein
each of the recording media stores third identification information
for identifying the data management apparatus in which the
recording media are loaded; and said access control part enables
the data management apparatus to control the recording media when
the third identification information matches identification
information of the data management apparatus.
7. The data management apparatus as claimed in claim 4, wherein
each of the recording media stores version information updated
every time the data thereof is updated; and said access control
part records the data of a first one of the recording media on a
second one of the recording media so as to set the first and second
recording media controllable if the version information of the
first and second information media are different from each other,
the version information of the first recording medium being updated
more times than that of the second recording medium.
8. The data management apparatus as claimed in claim 7, further
comprising a version number update part updating the version
information of each of the recording media when the recording media
are removed from the data management apparatus in which the
recording media are loaded.
9. The data management apparatus as claimed in claim 4, wherein
each of the recording media stores determination information for
determining whether the recording medium is independently
controllable; and said access control part recognizes the
determination information of each of the recording media if said
access control part determines that there is no data consistency
between the recording media, and sets one of the recording media
controllable if the determination information of the one of the
recording media shows that the one of the recording media is
independently controllable.
10. The data management apparatus as claimed in claim 4, wherein
each of the recording media stores determination information for
determining whether the recording medium is in use; and said access
control part inhibits the access to the recording media if the
determination information shows that at least one of the recording
media is in use, and sets the recording media usable if the
determination information shows that all of the recording media are
unused.
11. The data management apparatus as claimed in claim 4, wherein
each of the recording media stores determination information for
determining whether the data recorded on the recording medium is
valid or invalid; and said access control part inhibits the access
to the recording media if the determination information of one of
the recording media shows that the data recorded thereon is
invalid.
12. The data management apparatus as claimed in claim 4, wherein
each of the recording media has the data stored divided into a
plurality of data blocks, and stores data identification
information for identifying divided pieces of the data with
corresponding data block identification information for identifying
the data blocks storing the divided pieces of the data; and said
access control part recognizes the data block identification
information based on the data identification information and makes
accessible one of the data blocks which one stores a required one
of the divided pieces of the data based on the data block
identification information.
13. The data management apparatus as claimed in claim 4, further
comprising: a monitoring part monitoring an abnormality in each of
the recording media storing abnormal information indicating whether
another of the recording media has the abnormality; and an
information recording part recording information indicating
occurrence of the abnormality in one of the recording media on the
rest of the recording media as the abnormal information if the
abnormality in the one of the recording media is detected.
14. A recording medium for recording data, comprising: a plurality
of data blocks for recording the data, the data blocks each
comprising: a data recording part recording a number of times the
data is updated as number management information; and a recording
control part moving the data stored in the data block to a next
available one of the data blocks if the number management
information reaches a preset given number of times.
Description
TECHNICAL FIELD
[0001] The present invention relates to recording medium control
methods, data management apparatuses, and recording media, and more
particularly to a recording medium control method, a data
management apparatus, and a recording medium for data management by
duplicating data in each of a plurality of recording media.
[0002] Commercial transactions using electronic money have been
conducted of late. For the commercial transactions using electronic
money, management apparatuses employing IC cards as storage devices
for receiving and transferring value data such as electronic money
have been developed. Normally, an IC card employed in such
management apparatuses is provided with a unique IC chip having a
particular authentication function. Such an IC card is allowed to
exchange data only with an IC card or an apparatus having the same
IC chip, thereby increasing the reliability of the data.
[0003] However, the reliability of the data is insufficient since
the data is still exchangeable between the IC cards or the IC card
and the apparatus having the same IC chip. Therefore, there have
been demands for further increasing the data reliability.
BACKGROUND ART
[0004] FIG. 1 is a block diagram showing a conventional
example.
[0005] IC cards 2-1 through 2-n are attached to an electronic money
management apparatus 1. The electronic money management apparatus 1
is connected via a network 3 to a terminal device 4.
[0006] The electronic money management apparatus 1 stores value
data such as electronic money in the IC cards 2-1 through 2-n, and
exchanges the value data such as electronic money with the terminal
device 4 via the network 3.
[0007] The electronic money management apparatus 1 is composed of
communication parts 5 and 6, a nonvolatile memory 7, a CPU 8, and
connection terminals 9-1 through 9-n. The communication part 5
controls communication with the network 3. The communication part 6
controls communication with the IC cards 2-1 through 2-n.
[0008] The nonvolatile memory 7 stores an apparatus characteristic
number characteristic of the electronic money management apparatus
1. The CPU 8 obtains value data to be stored in the IC cards 2-1
through 2-n in accordance with the exchange of the value data, and
stores the obtained value data in the IC cards 2-1 through 2-n. The
connection terminals 9-1 through 9-n are connected to the IC cards
2-1 through 2-n, respectively.
[0009] Each of the IC cards 2-1 through 2-n is composed of an
external terminal 10 and an IC chip 11. The external terminal 10 is
connected to one of the connection terminals 9-1 through 9-n of the
electronic money management apparatus 1 so as to connect the IC
chip 11 with the electronic money management apparatus 1.
[0010] The IC chip 11 is composed of a communication part 12, a CPU
13, a nonvolatile memory 14, and a volatile memory 15. The
communication part 12 controls communication with the electronic
money management apparatus 1.
[0011] The CPU 13 controls writing the value data to and reading
the value data from the nonvolatile memory 14 in accordance with a
program stored in the nonvolatile memory 14. The nonvolatile memory
14 includes an EEPROM and stores the value data and the program
executed by the CPU 13. The volatile memory 15 is used as a working
storage for processing by the CPU 13. For instance, program control
data is loaded thereinto from the nonvolatile memory 14.
[0012] In the conventional electronic money management apparatus 1,
no value data stored in the IC cards 2-1 through 2-n are
duplicated.
[0013] Therefore, if the IC cards 2-1 through 2-n are extracted
from the electronic money management apparatus 1 or otherwise
damaged, the value data of the extracted or damaged IC cards 2-1
through 2-n are lost, so that services cannot be provided.
[0014] If value data is to be duplicated in the same IC card in the
case of making a duplicate of the value data, no value data can be
read out when the IC card is extracted or damaged. Therefore, there
is no meaning in duplicating the value data. Accordingly, in the
case of duplicating the value data, it is necessary to make a
duplicate in a different IC card. In the case of duplicating the
value data in a different IC card, the value data is preserved by
the different IC card even if the original IC card is lost or
damaged.
[0015] However, once the IC card is duplicated, a false IC card may
be issued based on a false claim that either one of the IC cards is
damaged. Further, there is a problem in that when a duplicate of
the IC card is made by using an IC card that is a duplicate of
another IC card, the value data already stored in the IC card for
backup may be deleted mistakenly by a wrong operation of an
operator.
[0016] The conventional electronic money management apparatus 1
employs the IC cards 2-1 through 2-n for managing the value data.
Each of the IC cards uses the EEPROM for retaining the value data.
The number of times writing is performed to the EEPROM is
physically limited.
[0017] Therefore, if the number of times writing is performed to a
certain region of the EEPROM increases, use of the other regions of
the EEPROM with a smaller number of write operations is limited by
the life of the region with a larger number of write operations,
thus causing the problem of inefficiency.
[0018] The present invention is made in view of the above-described
points, and an object of the present invention is to provide a
recording medium control method, a data management apparatus, and a
recording medium with high reliability.
DISCLOSURE OF THE INVENTION
[0019] The above object of the present invention is achieved by a
recording medium control method for controlling access to a
plurality of recording media each storing duplicated data, wherein
each of the recording media stores identification information for
identifying which of the recording media stores the duplicated
data, it is determined whether the data of the recording media are
consistent with each other based on the identification information,
the access to the recording media is enabled if it is determined
that the data of the recording media are consistent with each
other, and the access to the recording media is inhibited if it is
determined that the data of the recording media are inconsistent
with each other.
[0020] Further, according to the present invention, each of the
recording media may store, as the identification information, first
identification information for self-identification and second
identification information for identifying another of the recording
media, and it may be determined that there is data consistency
between one of the recording media and the rest of the recording
media if the first identification information of the one of the
recording media exists as the second identification information in
the rest of the recording media.
[0021] Further, according to the present invention, each of the
recording media may store third identification information for
identifying an apparatus in which the recording media are loaded,
and the apparatus is enabled to control the recording media when
the third identification information matches identification
information of the apparatus.
[0022] The above object of the present invention is also achieved
by a data management apparatus loaded with a plurality of recording
media each storing duplicated data and controlling access to the
loaded recording media, the data management apparatus including an
access control part determining whether the duplicated data of the
recording media are consistent with each other and controlling the
access to the recording media based on a result of the
determination, wherein each of the recording media stores
identification information for identifying which of the recording
media stores the duplicated data, the access control part makes the
determination based on the identification information, and the
access control part enables the access to the recording media if
said access control part determines that the data of the recording
media are consistent with each other and inhibits the access to the
recording media if said access control part determines that the
data of the recording media are inconsistent with each other.
[0023] Further, according to the present invention, each of the
recording media may store, as the identification information, first
identification information for self-identification and second
identification information for identifying another of the recording
media, and the access control part may determine that there is data
consistency between one of the recording media and the rest of the
recording media if the first identification information of the one
of the recording media exists as the second identification
information in the rest of the recording media.
[0024] Further, according to the present invention, each of the
recording media may store third identification information for
identifying the data management apparatus in which the recording
media are loaded, and the access control part enables the data
management apparatus to control the recording media when the third
identification information matches identification information of
the data management apparatus.
[0025] Further, according to the present invention, each of the
recording media may store version information updated every time
the data thereof is updated, and the access control part may record
the data of a first one of the recording media on a second one of
the recording media so as to set the first and second recording
media controllable if the version information of the first and
second information media are different from each other, the version
information of the first recording medium being updated more times
than that of the second recording medium.
[0026] Further, the data management apparatus according to the
present invention may further include a version number update part
updating the version information of each of the recording media
when the recording media are removed from the data management
apparatus in which the recording media are loaded.
[0027] Further, according to the present invention, each of the
recording media may store determination information for determining
whether the recording medium is independently controllable, and the
access control part may recognize the determination information of
each of the recording media if the access control part determines
that there is no data consistency between the recording media, and
set one of the recording media controllable if the determination
information of the one of the recording media shows that the one of
the recording media is independently controllable.
[0028] Further, according to the present invention, each of the
recording media may store determination information for determining
whether the recording medium is in use, and the access control part
may inhibit the access to the recording media if the determination
information shows that at least one of the recording media is in
use, and set the recording media usable if the determination
information shows that all of the recording media are unused.
[0029] Further, according to the present invention, each of the
recording media may store determination information for determining
whether the data recorded on the recording medium is valid or
invalid, and the access control part may inhibit the access to the
recording media if the determination information of one of the
recording media shows that the data recorded thereon is
invalid.
[0030] Further, according to the present invention, each of the
recording media may have the data stored divided into a plurality
of data blocks, and store data identification information for
identifying divided pieces of the data with corresponding data
block identification information for identifying the data blocks
storing the divided pieces of the data, and the access control part
may recognize the data block identification information based on
the data identification information and make accessible one of the
data blocks which one stores a required one of the divided pieces
of the data based on the data block identification information.
[0031] Further, the data management apparatus according to the
present invention may further include a monitoring part monitoring
an abnormality in each of the recording media storing abnormal
information indicating whether another of the recording media has
the abnormality, and an information recording part recording
information indicating occurrence of the abnormality in one of the
recording media on the rest of the recording media as the abnormal
information if the abnormality in the one of the recording media is
detected.
[0032] The above object of the present invention is further
achieved by a recording medium for recording data including a
plurality of data blocks for recording the data, the data blocks
each including a data recording part recording a number of times
the data is updated as number management information, and a
recording control part moving the data stored in the data block to
a next available one of the data blocks if the number management
information reaches a preset given number of times.
BRIEF DESCRIPTION OF THE DRAWINGS
[0033] FIG. 1 is a block diagram showing a conventional
example;
[0034] FIG. 2 is a block diagram showing a first embodiment of the
present invention;
[0035] FIG. 3 is a diagram showing a data configuration of a
nonvolatile memory of an IC card according to the first embodiment
of the present invention;
[0036] FIGS. 4A through 4D are flowcharts of a duplicate cards
authentication operation according to the first embodiment of the
present invention;
[0037] FIG. 5 is a flowchart of an operation of checking
correctness of data of the IC card according to the first
embodiment of the present invention;
[0038] FIG. 6 is a flowchart of an operation of extracting the IC
card according to the first embodiment of the present
invention;
[0039] FIG. 7 is a diagram for illustrating an operation at a time
of loading the IC card in an initial state into an electronic money
management apparatus according to the first embodiment of the
present invention;
[0040] FIG. 8 is a diagram for illustrating an operation at a time
of normally moving the IC card from one electronic money management
apparatus to another according to the first embodiment of the
present invention;
[0041] FIG. 9 is a diagram for illustrating an operation at a time
of extracting the IC card forcibly from the electronic money
management apparatus according to the first embodiment of the
present invention;
[0042] FIG. 10 is a diagram for illustrating an operation at a time
of loading the IC card into the electronic money management
apparatus according to the first embodiment of the present
invention;
[0043] FIG. 11 is a diagram for illustrating an operation at a time
of occurrence of a failure in the IC card according to the first
embodiment of the present invention;
[0044] FIG. 12 is a diagram for illustrating an operation at a time
of occurrence of a failure in the electronic money management
apparatus according to the first embodiment of the present
invention;
[0045] FIG. 13 is a diagram for illustrating an operation at a time
of loading a manager card into the electronic money management
apparatus according to the first embodiment of the present
invention;
[0046] FIG. 14 is a flowchart of a normal operation according to
the first embodiment of the present invention;
[0047] FIG. 15 is a flowchart of a data write operation according
to the first embodiment of the present invention;
[0048] FIG. 16 is a flowchart of an activity check operation
according to the first embodiment of the present invention;
[0049] FIG. 17 is a diagram for illustrating commands transmitted
from the electronic money management apparatus to the IC card
according to the first embodiment of the present invention;
[0050] FIG. 18 is a diagram showing data formats of data
communicated between the electronic money management apparatus and
the IC card according to the first embodiment of the present
invention;
[0051] FIG. 19 is a diagram for illustrating a data management
structure of the IC card according to a first variation of the
first embodiment of the present invention;
[0052] FIG. 20 is a flowchart of an operation of managing the
nonvolatile memory of the IC card according to the first variation
of the first embodiment of the present invention;
[0053] FIG. 21 is a diagram showing a data configuration of the
nonvolatile memory of the IC card according to a second variation
of the first embodiment of the present invention;
[0054] FIG. 22 is a flowchart of an operation of managing the
nonvolatile memory of the IC card according to the second variation
of the first embodiment of the present invention;
[0055] FIG. 23 is a diagram for illustrating a third variation of
the first embodiment of the present invention;
[0056] FIG. 24 is a flowchart of an operation of managing the
nonvolatile memory of the IC card according to the third variation
of the first embodiment of the present invention;
[0057] FIG. 25 is a block diagram showing a second embodiment of
the present invention; and
[0058] FIG. 26 is a block diagram showing a third embodiment of the
present invention.
BEST MODE FOR CARRYING OUT THE INVENTION
[0059] FIG. 2 is a block diagram showing a first embodiment of the
present invention. In FIG. 2, the same elements as those of FIG. 1
are referred to by the same numerals, and a description thereof
will be omitted.
[0060] In this embodiment, the operations of an electronic money
management apparatus 16 and IC cards 17-1 and 17-2 and data
configuration are different from the operations of the electronic
money management apparatus 1 and the IC cards 2-1 and 2-2 and the
data configuration of FIG. 1.
[0061] External terminals 10 of the paired IC cards 17-1 and 17-2
are connected to the connection terminals 9-1 and 9-2,
respectively, of the electronic money management apparatus 16.
[0062] The electronic money management apparatus 16 controls the
data of the IC cards 17-1 and 17-2 based on a control program
stored in the built-in nonvolatile memory 7. Further, the
electronic money management apparatus 16 has apparatus
identification information (an apparatus number) for identifying
the apparatus stored in the built-in nonvolatile memory 7. The IC
cards 17-1 and 17-2 store the same value data. That is, the data is
duplicated in the IC cards 17-1 and 17-2.
[0063] FIG. 3 is a diagram showing the data configuration of the
nonvolatile memory 14 of the IC card of the first embodiment of the
present invention.
[0064] The nonvolatile memory 14 of each of the IC cards 17-1 and
17-2 is composed of a card characteristic number area 17a, a card
number registration area 17b, an apparatus number registration area
17c, a version number management area 17d, a pair failure flag area
17e, an UNUSED flag area 17f, an INVALID flag area 17g, a value
data area 17h, a transaction history area 17i, a checksum data area
17j, a program area 17k, and a single use flag setting area
17l.
[0065] The card characteristic number area 17a stores an IC card
characteristic number assigned to and characteristic of each IC
card. The IC card characteristic number is identification
information for identifying each IC card. The card number
registration area 17b stores the IC card characteristic number of
an IC card paired with the IC card (a pair IC card). The apparatus
number registration area 17c stores an apparatus number. The
apparatus number is the identification information for identifying
the electronic money management apparatus 16.
[0066] The version number management area 17d stores version number
information. The version number information shows the version
number of the value data stored in the value data area 17h. The
pair failure flag area 17e stores a flag indicating whether the
pair IC card had any failure in the past. The UNUSED flag area 17f
stores a flag indicating whether the IC card is unused or in use.
The INVALID flag area 17g stores a flag indicating whether the
contents of the IC card are valid or invalid.
[0067] The value data area 17h stores the value data. The value
data, which is money information, for instance, can be updated
based on transactions. The transaction history area 17i stores
information on the history of receiving and transferring the value
data. The checksum data area 17j stores checksum data for checking
correctness of all the IC card data. The program area 17k stores
the program controlling the CPU 13. The single use flag setting
area 17l stores a flag determining whether to authorize single use
of the IC card when data duplication cannot be performed with
another IC card.
[0068] The card characteristic number area 17a, the card number
registration area 17b, the apparatus number registration area 17c,
the version number management area 17d, the pair failure flag area
17e, the UNUSED flag area 17f, the INVALID flag area 17g, the value
data area 17h, the transaction history area 17i, the checksum data
area 17j, the program area 17k, and the single use flag setting
area 17l of the nonvolatile memory 14 are all duplicated.
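The access decision of claims 2, 3, 7, 9 and 11, applied to the FIG. 3 fields, as an added C example (not code from the patent or its assignee). Field widths, the order of the checks, testing the pair registration in both directions, preferring the first card for single use, and all sample values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Subset of the FIG. 3 areas; field widths and types are assumptions. */
typedef struct {
    uint32_t card_id;       /* 17a: card characteristic number */
    uint32_t pair_card_id;  /* 17b: characteristic number of the pair card */
    uint32_t apparatus_id;  /* 17c: registered apparatus number */
    uint32_t version;       /* 17d: version number of the value data */
    bool     invalid;       /* 17g: INVALID flag */
    bool     single_use;    /* 17l: single use flag */
    int64_t  value;         /* 17h: value data, reduced to one integer */
} ic_card;

typedef enum {
    ACCESS_INHIBITED = 0,
    ACCESS_PAIR,        /* both cards controllable */
    ACCESS_SINGLE_A,    /* only the first card controllable */
    ACCESS_SINGLE_B     /* only the second card controllable */
} access_result;

/* Constructor for the constructed sample cards (flags start cleared). */
ic_card make_card(uint32_t id, uint32_t pair, uint32_t apparatus,
                  uint32_t version, int64_t value)
{
    ic_card c = { id, pair, apparatus, version, false, false, value };
    return c;
}

/* Claim 2: a card's own number must appear as the registered pair number
 * on the other card. Checked in both directions here (assumption). */
bool pair_consistent(const ic_card *a, const ic_card *b)
{
    return a->pair_card_id == b->card_id && b->pair_card_id == a->card_id;
}

access_result decide_access(ic_card *a, ic_card *b, uint32_t apparatus_id)
{
    /* Claim 11: an INVALID card inhibits access to the recording media. */
    if (a->invalid || b->invalid)
        return ACCESS_INHIBITED;

    if (!pair_consistent(a, b)) {
        /* Claim 9: without consistency, a card is controllable on its own
         * only if its single use flag allows it. The apparatus check of
         * claim 3 is applied to that card as well (assumption). */
        if (a->single_use && a->apparatus_id == apparatus_id)
            return ACCESS_SINGLE_A;
        if (b->single_use && b->apparatus_id == apparatus_id)
            return ACCESS_SINGLE_B;
        return ACCESS_INHIBITED;
    }

    /* Claim 3: both cards must be registered to this apparatus. */
    if (a->apparatus_id != apparatus_id || b->apparatus_id != apparatus_id)
        return ACCESS_INHIBITED;

    /* Claim 7: if versions differ, copy the more-updated card's data onto
     * the other card so that both become controllable. */
    if (a->version != b->version) {
        ic_card *newer = (a->version > b->version) ? a : b;
        ic_card *older = (newer == a) ? b : a;
        older->value = newer->value;
        older->version = newer->version;
    }
    return ACCESS_PAIR;
}

int main(void)
{
    /* Constructed sample: a genuine pair where card b missed one update. */
    ic_card a = make_card(0x1001, 0x1002, 77, 5, 1200);
    ic_card b = make_card(0x1002, 0x1001, 77, 4, 1000);
    access_result r = decide_access(&a, &b, 77);
    printf("pair: result=%d b.value=%lld b.version=%u\n",
           (int)r, (long long)b.value, (unsigned)b.version);

    /* Constructed sample: a card from a different pair in the second slot. */
    ic_card stray = make_card(0x2002, 0x2001, 77, 9, 999999);
    r = decide_access(&a, &stray, 77);
    printf("stray: result=%d a.value=%lld\n", (int)r, (long long)a.value);
    return 0;
}
```

Because the pair test runs before the version reconciliation, a card from another pair with a higher version number cannot overwrite the value data of the loaded card.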
[0069] Next, a detailed description will be given of an operation
according to a method of authenticating duplicate cards which
method is executed when the electronic money management apparatus
16 is started.
[0070] FIGS. 4A through 4D are flowcharts of the duplicate cards
authentication operation according to the first embodiment of the
present invention.
[0071] In step S1-1 of FIG. 4A, the IC cards 17-1 and 17-2 are
loaded into the electronic money management apparatus 16 and the
electronic money management apparatus 16 is turned on. When the IC
cards 17-1 and 17-2 are loaded into the electronic money management
apparatus 16 and the electronic money management apparatus 16 is
turned on in step S1-1, the IC cards 17-1 and 17-2 are also turned
on so that the control programs are started, and the correctness of
the data is checked in each of the IC cards 17-1 and 17-2.
[0072] FIG. 5 is a flowchart of an operation of checking the
correctness of the data of each IC card of the first embodiment of
the present invention.
[0073] After the electronic money management apparatus 16 is turned
on, in step S2-1, the loaded IC cards 17-1 and 17-2 are turned
on.
[0074] After the IC cards 17-1 and 17-2 are turned on in step S2-1,
step S2-2 is performed on the IC cards 17-1 and 17-2. In step S2-2,
all of the data stored in the nonvolatile memory 14 of each of the
IC cards 17-1 and 17-2 is read out so that the exclusive logical
sum of (that is, the result of an XOR operation performed on) all
of the data read out from each nonvolatile memory 14 is
obtained.
[0075] After the exclusive logical sum of all of the data read out
from each nonvolatile memory 14 is obtained in step S2-2, in step
S2-3, the exclusive logical sum is compared with the checksum data
stored in the checksum data area 17j of the nonvolatile memory 14.
In step S2-4, it is determined, as a result of the comparison in
step S2-3, whether the checksum data stored in the checksum data
area 17j of the nonvolatile memory 14 matches the exclusive logical
sum of all of the data obtained in step S2-2.
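Steps S2-2 through S2-4 as an added C example (not code from the patent), which also shows which kinds of corruption an exclusive-logical-sum check does and does not catch. It assumes a byte-wise XOR, a one-byte checksum area 17j at the end of the image that is excluded from the sum, and a constructed 16-byte memory image.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_LEN    16  /* size of the constructed image (assumption) */
#define CHECKSUM_OFF 15  /* assumed offset of checksum data area 17j */

/* Constructed nonvolatile-memory image; the last byte is the checksum slot. */
static const uint8_t SAMPLE[IMAGE_LEN] = {
    0x10, 0x01, 0x10, 0x02, 0x00, 0x4D, 0x05, 0x00,
    0x00, 0x00, 0x04, 0xB0, 0xAA, 0x55, 0x3C, 0x00
};

/* Step S2-2: exclusive logical sum of all data, skipping the checksum area. */
uint8_t xor_sum(const uint8_t *img, size_t len, size_t cks_off)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) {
        if (i != cks_off)
            sum ^= img[i];
    }
    return sum;
}

/* Steps S2-3 and S2-4: compare the computed sum with the stored checksum. */
bool image_ok(const uint8_t *img, size_t len, size_t cks_off)
{
    return xor_sum(img, len, cks_off) == img[cks_off];
}

/* Copy the constructed sample and store a matching checksum in it. */
void load_sample(uint8_t *img)
{
    memcpy(img, SAMPLE, IMAGE_LEN);
    img[CHECKSUM_OFF] = xor_sum(img, IMAGE_LEN, CHECKSUM_OFF);
}

int main(void)
{
    uint8_t img[IMAGE_LEN];

    load_sample(img);
    printf("intact image:        %s\n",
           image_ok(img, IMAGE_LEN, CHECKSUM_OFF) ? "match" : "mismatch");

    /* A single flipped bit changes the sum, so the check reports it. */
    img[11] ^= 0x01;
    printf("one bit flipped:     %s\n",
           image_ok(img, IMAGE_LEN, CHECKSUM_OFF) ? "match" : "mismatch");

    /* XOR is order-independent: two transposed bytes leave the sum
     * unchanged, so this corruption passes the check. */
    load_sample(img);
    uint8_t t = img[10];
    img[10] = img[11];
    img[11] = t;
    printf("two bytes transposed: %s\n",
           image_ok(img, IMAGE_LEN, CHECKSUM_OFF) ? "match" : "mismatch");
    return 0;
}
```

The check is therefore an error-detection measure for single corrupted bytes; it does not distinguish an intact image from one whose bytes were reordered or changed in compensating ways.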
[0076] If the checksum data matches the exclusive logical sum of
all of the data in step S2-4, it is deter